US9930071B2 · Active · Utility patent

System and methods for secure utilization of attestation in policy-based decision making for mobile device management and security

Assignee: SEQUITUR LABS INC · Priority: Jul 18, 2012 · Filed: May 18, 2016 · Granted: Mar 27, 2018
Est. expiry: Jul 18, 2032 (~6 yrs left; nominal 20-yr term from priority)
Inventors: ATTFIELD PHILIP, CHENARD PAUL, CURRY SIMON, TING VINCENT, REED MARK, BAAR DAVID
Classifications: G06F 21/57, G06F 21/51, H04W 12/10, H04L 63/0823, H04W 12/06, G06F 21/6209, G06F 21/53, G06F 2221/2101, H04L 63/20, H04L 63/06, G06F 21/606, H04W 12/12, H04L 63/1433, H04W 12/37
PatentIndex Score: 50 · Cited by: 0 · References: 29 · Claims: 6

Abstract

Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system. The system of the present invention resolves attestation record conflicts using digital certificates and digital signatures.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A system to manage and secure computing devices by adjudicated resource decisions comprising:
a secured policy-based control system having a processor to compute adjudicated resource decisions based on a resource identifier, at least one associated attestation record, and secure, policy-driven conditions for permitted operations on the identified resource, configured to resolve conflicts between attestation records;
an attestation non-transitory memory coupled to the policy-based control system, to store resource identifiers, associated attestation record and secure, policy-driven conditions for permitted operations on the identified resource;
a first interface to receive requests for adjudicated resource decisions from computing devices;
a second interface to retrieve the resource identifier associated with the subject resource decision, where the requesting computing device has no access to the policy-driven conditions used in the adjudication, to retrieve the attestation record associated with the resource identifier and to retrieve the secure, policy-driven conditions for permitted operations on the identified resource from the attestation non-transitory memory;
a third interface to transmit the resource identifier, associated attestation record and secure, policy-driven conditions for permitted operations on the identified resource to the policy-based control system; and
a fourth interface, coupled to the policy-based control system to retrieve and to transmit the adjudicated resource decisions to the computing devices.

2. The system of claim 1, wherein attestation record conflicts are resolved using digital certificates and digital signatures.

3. The system of claim 1 wherein attestation conflicts are resolved by applying a directed acyclic graph (DAG) of attesters.

4. A method to manage and secure computing devices by adjudicated resource decisions based on policy-driven condition for permitted operations, the method comprising the steps of:
receiving a request for adjudication of a resource decision from a computing device where the requesting computing device has no access to the policy-driven conditions for permitted operations;
receiving a resource identifier, associated attestation records and secure, policy-driven permitted operations on the identified resource;
resolving any conflict between associated attestation records;
storing the resource identifier, associated attestation records, and secure, policy-driven permitted operations on the identified resource in a non-transitory memory;
transmitting the resource identifier, associated attestation records and secure policy-driven conditions for permitted operations on the identified resource to a policy-based control system for adjudication;
computing an adjudicated resource decision based on the resource identifier, associated attestation record and secure, policy-driven conditions for permitted operations on the identified resource; and
transmitting the adjudicated resource decision to a computing device.

5. The method of claim 4, wherein attestation record conflicts are resolved using digital certificates and digital signatures.

6. The method of claim 4, wherein conflicts between associated attestation records are resolved by applying a directed acyclic graph (DAG) of attesters.
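The adjudication step of claims 1 to 6, as an added example in Go that is not code from the patent or its assignee: attestation records are signed with ed25519 keys, a record whose signature fails against the attester's registered key is dropped, a conflict between surviving records is resolved by a DAG in which an ancestor attester outranks its descendants, and the policy condition applied to the winning verdict is "approved permits". The record layout, the verdict strings, the "vendor" and "store" attesters and the parent-map encoding of the DAG are all constructed here; two attesters the DAG does not relate are left to arrival order in this simplification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Record is a constructed attestation record: one attester's signed verdict on a resource.
type Record struct{ Attester, Resource, Verdict string; Sig []byte }
func payload(attester, resource, verdict string) []byte { return []byte(attester + "|" + resource + "|" + verdict) }

// Sign issues a record under the attester's ed25519 private key.
func Sign(priv ed25519.PrivateKey, attester, resource, verdict string) Record {
	return Record{attester, resource, verdict, ed25519.Sign(priv, payload(attester, resource, verdict))}
}

// outranks reports whether a is a transitive ancestor of b in the attester DAG (parents maps attester -> authorities).
func outranks(a, b string, parents map[string][]string) bool {
	for _, p := range parents[b] {
		if p == a || outranks(a, p, parents) {
			return true
		}
	}
	return false
}

// Adjudicate reports whether the operation on resource is permitted: records failing signature verification
// against the registered key are dropped, the highest-ranked attester wins a conflict, and only "approved" permits.
func Adjudicate(resource string, recs []Record, keys map[string]ed25519.PublicKey, parents map[string][]string) bool {
	verdict, winner := "", ""
	for _, r := range recs {
		pk, known := keys[r.Attester]
		if r.Resource != resource || !known || !ed25519.Verify(pk, payload(r.Attester, r.Resource, r.Verdict), r.Sig) {
			continue // unknown attester, record about another resource, or tampered record
		}
		if winner == "" || outranks(r.Attester, winner, parents) {
			verdict, winner = r.Verdict, r.Attester
		}
	}
	return verdict == "approved"
}

func main() {
	vPub, vPriv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical "vendor" attester
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical "store" attester, subordinate to the vendor
	keys, parents := map[string]ed25519.PublicKey{"vendor": vPub, "store": sPub}, map[string][]string{"store": {"vendor"}}
	recs := []Record{Sign(sPriv, "store", "app:1", "approved"), Sign(vPriv, "vendor", "app:1", "revoked")}
	fmt.Println(Adjudicate("app:1", recs, keys, parents)) // false: the vendor's revocation outranks the store's approval
}
```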

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.